Fix #18904: Improve Captcha client-side validation

framework/CHANGELOG.md

@@ -20,6 +20,7 @@ Yii Framework 2 Change Log
 - Bug #18883: Fix `yii\web\HeaderCollection::fromArray()` now ensures lower case keys (rhertogh)
 - Bug #18886: Fix default return of `yii\db\Migration::safeUp()` and `yii\db\Migration::safeDown()` (WinterSilence)
 - Bug #18898: Fix `yii\helpers\Inflector::camel2words()` to work with words ending with 0 (michaelarnauts)
+- Enh #18904: Improve Captcha client-side validation (hexkir)
 
 
 2.0.43 August 09, 2021

framework/assets/yii.validation.js

@@ -261,7 +261,7 @@ yii.validation = (function ($) {
             hash = hash == null ? options.hash : hash[options.caseSensitive ? 0 : 1];
             var v = options.caseSensitive ? value : value.toLowerCase();
             for (var i = v.length - 1, h = 0; i >= 0; --i) {
-                h += v.charCodeAt(i);
+                h += v.charCodeAt(i) << i;
             }
             if (h != hash) {
                 pub.addMessage(messages, options.message, value);

framework/captcha/CaptchaAction.php

@@ -150,7 +150,7 @@ class CaptchaAction extends Action
     public function generateValidationHash($code)
     {
         for ($h = 0, $i = strlen($code) - 1; $i >= 0; --$i) {
-            $h += ord($code[$i]);
+            $h += ord($code[$i]) << $i;
         }
 
         return $h;

tests/js/tests/yii.validation.test.js

@@ -1307,7 +1307,7 @@ describe('yii.validation', function () {
 
     describe('captcha validator', function () {
         // Converted using yii\captcha\CaptchaAction generateValidationHash() method
-        var hashes = {'Code': 379, 'code': 411};
+        var hashes = {'Code': 1497, 'code': 1529};
         var caseInSensitiveData = {
             'valid code in lowercase': ['code', true],
             'valid code in uppercase': ['CODE', true],